tabernus_9

!"#$%&'%"'%$(&)'"*'%+),&)+-.&)'%"'$/0$1"*$0+"*(&2'3*'4"(&'%"')"#34+%$%5''6780&'0$*"9$4/&:'

'!"#$%&'()*+",'-$)$'*.'-"/0%"12'3'("%4+0)&''56$77".#"'8'9*:')*'6$.,7"'0)'

Marco Orta Joe Mount

Legado de datos en dispositivos de almacenamiento.

;*(4&%311+8*'';''';''?6&'01'3"'*&'G3*1+&*$';''?6$)'-*"1'E*)'?*+FG'

P$K"4*3)'O'Q+)+8*'R"*"4$/'%"'/$'@0,4")$'

!"#$%%"'()&%"'%*'+#,-./#*%0'&%'1,/2/*3./4*'+%5-"3'&%'637#08''

903&30':#"'.#2:3;/30'&%'7#'7323;#0'

5*@A7"P0,$,'

Z3]3' Y%&/3' E,73'

=4&%31(&)'B'E&/31+&*")'=4&%31()'S'E&/3-&*)'

E"#34+%$%'%"'D$(&)'B'/$'R")-8*'$/'T*$/'%"/'1+1/&'%"'.+%$'-$)$'("%4+0)&'$.,'J.,'*I'!0I"%&%7"'-$)$'K$.$#"@".)''

^#730'C2:#"73*7%0_'`''C2:#"73*7'^#7%0'

Ciclo de Vida de los Datos

En su control / In your Control Fuera de Su control /Out of your control

Reemplazo / Venta / Donacin Replace/sell/donate

Bien Protegidos / Well Protected

No protegidos No eliminados Unprotected - Not Eliminated

La Seguridad Incluye la Gestin Fin del Ciclo de Vida de los Datos Security Includes End of Lifecycle Data Management'

' ' '' ' '' ' ' ' '' ' ' ' ' '''

' ' ' ' ' ' ''' ' ' ' ' '' ''' ' ' '

' ' ''

' ''' '

L31A$)'"0,4")$)'B'&4#$*+F$1+&*")'-"*"*',&/C-1$)'")(4+1($)',$4$',4&("#"4)"'%"/'4&K&'%"'%$(&)2',"4&'1$4"1"*'%"'0?(&%&)'%+)1+,/+*$%&)',$4$'/$''"/+0+*$1+8*'%"'/&)'%$(&)'%"'/&)'%+),&)+-.&)'%"'$/0$1"*$0+"*(&'$*(")'%"'%")"1A$4/&)X'

Los datos electrnicos deben ser controlados durante todo el ciclo de vida'

!Electronic Data Must be Controlled During Entire Lifecycle'

7&03*0"*("'L$4#+*$%&)'['=4H1-1$)';*1&*)+("*(")'

E0%5-"3"'a-%',#0'637#0'0%'1,/2/*3*'&%'

Eliminar Datos del

de disco duro

En el pasado, la eliminacin de datos se consideraba tpicamente como un proceso de un solo paso Simplemente borrar los datos. In the past, data elimination was typically considered a one step process

Simply erase the data.

Problems with this approach: ! Manual control over what has been erased/not erased ! No backup documentation to show what has been erased ! No process to follow for exceptions/anomalies This leads to: ! Unnecessary destruction of hard drives ! Failed compliance audits

!"#B,%230'.#*'%07%'%*\#a-%_'

7&*(4&/'0$*3$/')&K4"'/&'>3"')"'A$'K&44$%&'['B'/&'>3"'*&'

N&'A$B'%&130"*($1+8*'%"'4"),$/%&',$4$'0&)(4$4'/&'>3"')"'A$'K&44$%&'N+*#]*',4&1")&'$')"#3+4',$4$'"^1",1+&*")'['$*&0$/C$)'

107#',,%$3'3_'

D")(4311+8*'+**"1")$4+$'%"'/&)'%+)1&)'%34&)'

_$//$)'['IK)"4.$1+&*")'"*'U3%+(&4C$)'%"'130,/+0+"*(&'

!$'"/+0+*$1+8*'%"'D$(&)'*&'")'3*',4&1")&'%"'3*')&/&',$)&'-$)$'J70@0.$=*.'01'E*'!*.#"+'$'Q."'()"A'L+*%"11'

'''

!$)'"0,4")$)'%"K"*'%")$44&//$4',4&1")&)'%+)1+,/+*$%&)2')$K"4'"^$1($0"*("'/&'>3"'*"1")+($*'K&44$4'B'0$*("*"4'/$'%&130"*($1+8*',4"1+)$'>3"'03")(4"'/&'>3"'A$')+%&'K&44$%&X'7&0,$*+")'03)('%"."/&,'%+)1+,/+*"%',4&1"))")2'`*&Z'"^$1(/B'ZA$('(A"B'*""%'(&'"4$)"2'$*%'0$+*($+*'$1134$("'%&130"*($-&*')A&Z+*#'ZA$('A$)'K""*'"4$)"%X'

!$'"/+0+*$1+8*'%"'D$(&)'")'3*',4&1")&'%"'0]/-,/")',$)&)''-$)$'J70@0.$=*.'01'$'K47='()"A'L+*%"11'

D")$44&//$4'=4&1")&',$4$'/$'"/+0+*$1+8*'

7&*(4&/$4'/$';*G&40$1+8*'%"'/&)'U1-.&)'

L$*("*"4'D&130"*($1+8*'U,4&,+$%$'

3"'/$)'"0,4")$)'%"K"*'%$4'$'1&*&1"4',]K/+1$0"*("'(&%$)'/$)',?4%+%$)'&'T/(4$1+&*")'%"'%$(&)X''

!$'=?4%+%$'%"'/$'1&*T$*F$''%"'/&)'1/+"*(")'")'%+d1+/'%"'0"%+42',"4&',3"%"')"4'"^(4"0$%$0"*("',"493%+1+$/',$4$'/$)'"0,4")$)'>3"'*&')&*')3T1+"*("0"*("'13+%$%&)$)X''

M","413)+&*")',&4'/$',?4%+%$'%"'D$(&)'E"*)+K/")'M"A"+%4110*.1'*I'!*11'*I'(".10=/"'-$)$'

=3*(&)'1/$."''O'''R"&'S$F"$:$&1'

DUPIE'e'f'E&*')3'4"),&*)$K+/+%$%'A$)($'>3"')"$*'%")(43+%&)g''''

!$)'M","413)+&*")',&4'3)&'+*$%"13$%&')"'.3"/."*'1$%$'."F'0H)'#4$*%")X'3+'")($*'/$)'K3"*$)'*&-1+$)'''J.*4#6'N$,'E":1C'9"+"T1')6"'U**,'E":1'

!$'"/+0+*$1+8*')"#34$'B'$%"13$%$'%"'/&)'%$(&)')"*)+K/")'*&'")'%+d1+/''

a$B'P?1*+1$)'%+),&*+K/")',$4$'A$1"4/&'

@^+)("'3*$'(?1*+1$',$4$',4H1-1$0"*("'1$%$')+(3$1+8*'

Gestin de Datos Al final del ciclo de vida End-of-Life Data Management'

'''

Tcnicas de Eliminacin de Datos al Fin del Ciclo de Vida

End of Life Data Sanitization Techniques'

'''

f!&'>3"'*&'_3*1+&*$'g'bA$('%&")'*&('b&4`g'

'''6!&)'D$(&)'E"'G3"4&*:'fNIg'R&*":'NIg'

Q$1+$4'=$,"/"4$'[''@0,(B'M"1B1/"'J+*'

D$($'&*'$'A$4%'%4+."'+)'*&('i#&*"j'3*-/'+('+)'&."4Z4+V"*'KB'&(A"4'%$($X''D"/"-*#'$'T/"')+0,/B',$4--&*)'(A"'%"/"("%'+*G&40$-&*'+*'$'0$**"4'(A$('$//&Z)'G&4'+('(&'K"'&."4Z4+V"*'ZA"*'(A+)'),$1"'&*'(A"'A$4%'%4+."'+)'*""%"%'$('$'/$("4'-0"X'

' ' 'C7'/0'*#7'5#*%8'

!&'>3"'4"$/0"*("')31"%"'13$*%&')"',3/)$'J&44$4'bA$('M"$//B'a$,,"*)'ZA"*'B&3'a+('D"/"("'

@/'G&40$("&')&/$0"*("'A$1"'/&')+#3+"*("5'_&40$h*#'&*/B'%&")'(A"'G&//&Z+*#'

Y3*/:-,3'%,'&/"%.7#"/#'"3)J'B30%@',30'73B,30'&%'30/5*3./4*'&%'3".L/$#0@',#0'0%.7#"%0'&%'3""3*a-%X''L$*+,3/$(")'(A"'K$)"'4&&('%+4"1(&4B2'T/"'$//&1$-&*'($K/")2'K&&(')"1(&4)'

(%%'7#'%,'&/0.#'&-"#':3"3'%*.#*7"3"'0%.7#"%0'&3;3'a-%'*#'&%B%")3*'0%"'-H,/J3'3,23.%*3"'&%'&37#0'%*'%,'\-7-"#8''M"$%)'"*-4"'A$4%'%4+."'(&'T*%'%$0$#"%')"1(&4)'(A$(')A&3/%'*&('K"'3)"%'G&4'%$($')(&4$#"'+*'(A"'G3(34"X'

N&')&K4")14+K"'/&)'%$(&)'%"'/$'3*+%$%X'';('%&")'*&('&."4Z4+("'(A"'%$($'&*'(A"'%4+."'

107#0'&37#0'7#&3$)3':-%&%'0%"'"%.-:%"3'-H,/J3*':"#5"3230'&%'0#ST3"%'\R./,2%*7%'&/0:#*/B,%0''PA+)'%$($'1$*')-//'K"'1$,(34"%'3)+*#'4"$%+/B'$.$+/$K/"')&kZ$4"',4$0)X'

7&*1",(&'"448*"&5'L+)1&*1",-&*''

M"$/+%$%5'M"$/+(B'

fP?1*+1$)'>3"'E+'_3*1+&*$*g''P"1A*+>3")'(A$('D&'b&4`g'

6%0235*%HJ3./4*'&%'&/0.#'&-"#'`'4+5'.$$%15)02)"'-*)*-%3+'

'''

c%*73]30_'E&$3*735%0'

Destruccion Fsica del Dico Duro Physical Destruction of Hard Drive'

'''

1*'a-%'0/7-3./#*%0'&%B%'-03"0%',3'

&%0235*%HJ3./4*_'

D")0$#*"-F$1+8*''-"#$4110.#'9$+,'-+0/"'

O-3*'0%'&%B%'-H,/J3"'7"+1)03+-7-%/15)$"0.(*)9+).$+*'

3+,&)',$4$')&K4"")14+K+4/&)'e''D4+.")'%&'*&('*""%'(&'4"0&."%'G4&0')B)("0'(&'&."4Z4+("'(A"0'

6%0$%*73]30_'6/03&$3*735%0'

'''

Mtodos de Eliminacin de Datos por Sobreescritura Methods of Data Erasure Overwriting'

J&44$%&'%"'/$,(&,)[%")`(&,)'$'(4$.?)'%"'!UN'

J&44$%&'%"'U44"#/&)'%"'U/0$1"*$0+"*(&'&'P&44")'

'''

Ye7#A)B+,"0*'!$)'1&0,3($%&4$)'$'K&44$4')"'1&*"1($*')+03/($*"$0"*("'$'(4$.?)'%"'

3*$')3KO4"%'B')&*'K&44$%$)'%")%"'3*$'1&0,3($%&4$'1"*(4$/'>3"'"9"13($'"/')&kZ$4"'%"'K&44$%&''

;S$+#")'%*@A4)"+1'$+"'70.F",')*#")6"+'/0$'14H;.")'$.,'"+$1",'I+*@'$'%".)+$7'6*1)'%*@A4)"+'+4..0.#')6"'"+$14+"'1*^:$+"'

N&($)'R"*"4$/")5'U"."+$7'A+*,4%)'.*)"12'

+4,#'+#ST3"%'

'''

Ye7#_'B+,"0*''!&)'%+)1&)')3"/(&)')"'K&44$*'+*%+.+%3$/0"*("'3)$*%&'3*'">3+,&'

1$,$F'%"'"*"4#+F$4/&)'B'1&*"1($4)"'1&*'"//&)X'''!**1"'6$+,',+0/"1'$+"'"+$1",'0.,0/0,4$77&'410.#'$.'$AA70$.%"')6$)'%$.'A*:"+')6"',+0/"'$.,'

%*@@4.0%$)"':0)6'0)X'

N&($)'R"*"4$/")5'U"."+$7'A+*,4%)'.*)"1'

D):/.32%*7%'0#:#"73':#"'U3"&T3"%O'S&A0%$77&'$AA70$.%"'H$1",'

P3*5#0'&%'-*#'3'.%'&/0:#0/H$#0'B#""3'0/2-,73*%32%*7%''OM$.#"1'I+*@'*."')*'):"7/"'10@47)$."*41'"+$14+"1'

!-%&%'0%"'&%:%*&/%*7%'&%,'H:#'&%'6/0.#';'?077'H"',+0/"')&A"',"A".,".)'

+EDE'g'C61'&/0:#*/B,%''O'(3S3B

Ye7#_'B+,"0*'!&)'%+)1&)'$'K&44$4')&*',4&1")$%&)'B$')"$'%+4"1($0"*("',&4'U44"#/&'%"'%+)1&)'o>3+*1"'%+)1&)p'&'K+"*',&4'(&44"'1&0,/"($'o1+"*(&)'%"'%+)1&)['''''''''''''''''

;'S$+#")',+0/"1'$+"'"+$1",':0)60.')6"'I+$@"'*I'"0)6"+'$'1)*+$#"'$++$&'Zb^"".',+0/"1['*+'$.'".=+"')*:"+'Z64.,+",1'*I',+0/"1['

N&($)'#"*"4$/")'5'U"."+$7'A+*,4%)'.*)"1'

Y-.L30'%07"37%5/30'&%'%]%.-./#*'h'9+Z@'U3"&T3"%'a-%'0%'.#*%.73'&/"%.732%*7%'3',#0'+7#"35%0''';''K$.&'$Y$%F'1)+$)"#0"1'$/$07$H7"'C'`(NW',0+"%)'%*.."%)'$AA70$.%"1'

+#,-./4*'3,732%*7%'.#2:,%]3'&%'&%03""#,,3"'`':#.#0'$%*&%"%0';''90#67&'%*@A7"\'1*74=*.')*',"/"7*A'C'I":'/".,*+1'

Borrado de Discos en Torres de Almacenamiento Masivo Erasure of Hard Drives in Storage Towers'

Ye7#_'B+,"0*''!&)'">3+,&)'o/$,(&,[%")`(&,p')&*'K&44$%&)'4"0&($0"*("'

3-/+F$*%&'3*')&kZ$4"'%")1$4#$K/"'';S$+#")'7$A)*AB,"1F)*A'01'"+$1",'+"@*)"7&'410.#',*:.7*$,$H7"'1*^:$+"'

N&($)'R"*"4$/")'5'U"."+$7'A+*,4%)'.*)"1'

(3'23G#")3'"%a-/%"%*'a-%23"'-*'O6'.#*'%,'0#ST3"%'3'-H,/J3"'';'K*1)'+"c40+"'41"+')*'H4+.'5-':0)6'1*^:$+"')*'41"'

E,5-*#0':"#&-.7#0':-%&%*'%*$/3"',#0'"%:#"7%0'&%,':"#.%0#'3'7"3$e0'&%'%23/,'3,'0%"$/"'.%*7"3,'';'(*@"'A+*,4%)1'%$.'1".,'"+$14+"'+"A*+)'/0$'"@$07')*'6*1)'1"+/"+'

O#2-*2%*7%'0%'%*$)3*'3'7"3$e0'&%'(E^'/*7%"*3';'5$.'*^".'H"'1".)'/0$'0.)"+.$7'!3E'

Borrado de Equipos Remotos Erasure of Remote Assets'

'''

Recomendaciones para Su Organizacin Recommendations for Your Organization'

'''Desarrollo de una poltica corporativa

Develop an agency policy'

!Tener una poltica para todos los tipos de dispositivos de datos - Have policy for all types of data devices !Ej. Computadoras, dispositivos mviles,

Impresoras, etc. - Ex. Computer, Mobile Phone, Printer, '

Entrene a su equipo Educate your staff '

!Educar al equipo sobre la importancia del control de datos y las polticas relacionadas - Educate staff on the importance of data control and the policies

Evale lo que necesita para borrar periodicamente Assess what you need to erase every time

!Que requiere ser borrado y asegrese que su poltica lo considera - What needs to be erased and ensure that your current policy covers

Documente lo que hace Document what you do !Generar y controlar con precisin la

documentacin de todas los equipos o dispositivos de almacenamiento que estn siendo sacados de la produccin o reemplazados. - Generate and accurately control documentation on all pieces of storage media that are decommissioned or replaced.

Recomendaciones para un control exitoso de datos al final del ciclo de vida

Recommendations for Successful End of Lifecycle Data Control'

'''

Preguntas? Questions?'

=&4'G$.&4'.+)+("*&)'"*'"/'E($*%'tlusv'=/"$)"'.+)+('3)'$('J&&(A't'lusv'

'."*($)w($K"4*3)X1&0'ZZZX($K"4*3)X1&0'

fR4$1+$)g'S6$.F'd*4G'

Documents

tabernus_9